CVE-2017-9343 - In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the MSNIP dissector misuses a NULL pointer. This wa

CVE-2017-9343

Summary

In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the MSNIP dissector misuses a NULL pointer. This was addressed in epan/dissectors/packet-msnip.c by validating an IPv4 address.

References

Vulnerable Configurations

cpe:2.3:a:wireshark:wireshark:2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:2.0.2:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:2.0.2:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:2.0.3:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:2.0.3:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:2.0.4:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:2.0.4:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:2.0.5:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:2.0.5:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:2.0.6:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:2.0.6:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:2.0.7:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:2.0.7:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:2.0.8:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:2.0.8:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:2.0.9:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:2.0.9:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:2.0.10:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:2.0.10:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:2.0.11:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:2.0.11:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:2.0.12:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:2.0.12:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:2.2.0:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:2.2.0:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:2.2.1:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:2.2.1:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:2.2.2:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:2.2.2:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:2.2.3:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:2.2.3:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:2.2.4:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:2.2.4:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:2.2.5:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:2.2.5:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:2.2.6:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:2.2.6:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 19-03-2019 - 18:27)
Impact:
Exploitability:

CWE

CWE-476

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:N/I:N/A:P

refmap via4

bid	98797
misc	https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1678 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13725 https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=27556320b41904716b9c9f73ef8f4fe705d1e669 https://www.wireshark.org/security/wnpa-sec-2017-30.html
sectrack	1038612

Last major update

19-03-2019 - 18:27

Published

02-06-2017 - 05:29

Last modified

19-03-2019 - 18:27